基于知识库的系统安全评估方法

System security assessment based on knowledge base

在系统非正常状态和正常状态这两种运行状况下,使用nmon等系统监测工具采集了代表系统运行状态的指标数据,对获取的指标数据进行了向量化操作,构造了可以反映系统运行状态的多维行为特征。采用类内、类间评价距离准则对指标数据进行了有效特征提取,构建了能够反映系统运行状态的行为特征知识库。然后利用行为特征知识库的数据构造了决策树,以判断系统所处状态是否安全。

Under the two kinds of system operation conditions, abnormal state and normal state, indicated data on behalf of the system running status was collected by system monitoring tools such as nmon, and the obtained index data was quantitatively operated. The features of multidimensional behavior was constructed which could reflect the running state of the system. The index data has been carried on by effective feature extraction by means of the between-class and within-class distance measurement criterion, and knowledge base of behavior features was constructed which reflects the system running state. The decision tree was constructed to judge whether the system of state was secure through data features of behavior knowledge base.